I know that there is a SOAP API, but working with it is really not fun. Do you have any plans on providing a JSON API?

Hey, is it possible to use LaTeX in the discussions? Maybe even via editing the source instead of in the WYSIWYG-Editor? Or are there any plans to add support for LaTeX, e.g. via MathJax or similar?

Some pages that should lead to a 404 error result in internal server error instead. That's considered bad practice.
Example: use the /room endpoint without passing a room ID

I am referring to the Schleswig Holstein Instance of commsy.

Current behaviour

When getting in to the portal the first time one is confronted with all (!) rooms (7635) available in SH. Hence, it is extremely difficult to get to the relevant room. Teachers actually tend to provide the room's URL (i.e. https://unterricht.sh.schulcommsy.de/room/[#]) to simplify the search process.

Suggestion

Introduce at least the level/tag 'school'/'schule' and level (1, ..., 13) on Rooms and probably users as well.

Hi,

I saw this:
https://docs.commsy.net/API/index.html
but where is the documentation about that SOAP API? I searched everywhere, can't find it.

niansa/tuxifan

In some files, you find a lot of unnecessary garbage.
A great example is SoapService.php, lines 283 to 286.
I understand that file is very WIP, but I'd rather recommend to do such stuff in another branch to keep the code clean.
Why do you keep such stuff in code? That commented function does not even match the overall syntax style.

Otherwise; nice code style!

Issue

An appropriately placed attacker can upload a ZIP file with XML files within it. If these XML files contain the payload from billion laughs attack (https://en.wikipedia.org/wiki/Billion_laughs_attack), a denial of service scenario can be created.

Remediation

Before loading the XML into memory, use libxml_disable_entity_loader(true); to ensure no entities can affect your import

When i try to start commsy v10.0.4 i get the following error message:
commsy-php-1 | Waiting for db to be ready... commsy-php-1 | Still waiting for db to be ready... Or maybe the db is not reachable. 59 attempts left

I start commsy with the following command:
sudo ./../.docker/cli-plugins/docker-compose -f docker-compose.yml up

The last message from the db-container is:commsy-db-1 | Version: '10.3.32-MariaDB-1:10.3.32+maria~focal' socket: '/va r/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution

Any tipps?